Strong Passwords – A Numbers Game

Posted on May 24, 2011 in Security

What is a Strong Password?
A Strong Password is usually defined by a set of characteristics.  If your password possesses each of these characteristics then it would be considered strong.

1. A Strong Password consists of at least 8 characters.  (The more characters the stronger it is.)
2. A Strong Password consists of a combination of Letters (Upper and Lower Case), Numbers, and Common Symbols (@, #, $, %, etc.).

Now, why in the world do you need a Strong Password?  Well, where all do you use a password?  You use a password to access your Gmail, your iTunes, your Facebook, your Twitter, your computer at work, your Online Banking, your Wireless Network at home, your PlayStation Network (when it’s up), and all of your Online Games.  How many of those would you want someone to have access to?

Yeah, but why a Strong Password, why can’t I just use my rabbit’s name, Thumper?
When it comes to cracking a password, thumper just isn’t going to slow many people down.  Password Cracking is a numbers game.  There are 7 characters in “thumper”, all lower case.  In a 7 character password with only lower case letters there are 8 Billion (roughly) combinations.  Sounds like a lot right?  A fast computer (one you could probably get from Dell) can try 100 million combinations a second.  That means that your password lasts about 80 seconds under a Brute Force Attack.

Brute Force Attack?
The most common type of Password Hack is the Brute Force Attack.  Basically a program will throw random strings of characters at your password protected genie bottle until it finds the one that will open it up.  That means that if your password happens to come up in the first 10 million combinations your password took about 1 second to crack.

Well I spell Thumper with a capital T
Ok, in a 7 character password with Upper and Lower Case letters, there are about 1 Trillion combinations.  Again, on a standard computer, like the one you got your Grandma for Christmas last year, your password will last about 3 hours.

Who is going to spend 3 hours cracking a password?
That depends, how much money do you have in your bank account?  How many Social Security Numbers do you have stored in a Database at the office?  How much damage can someone do once they’re connected to your Wireless Network at home?  You definitely don’t want to be this guy.

Is a Strong Password that much better?
Let’s play with the numbers a bit, shall we?  If you change just one of those letters to a number (Thump3r), you increase the possible character combinations to 3.5 Trillion.  Now your password takes 10 hours to crack.  Add one of the 34 common symbols as well (T#ump3r) and you increase the combinations to 75 Trillion, that’s 8 ½ days that Joe the Hacker Boy down the street will have to wait to get your password.  Now he has to start thinking about his ROI.  Is that 8 ½ day wait worth getting your $1000 emergency fund?

Do you want to really throw the hackers for a loop?  Increase the length of your password by a single character (T#ump3rs).  Your 8 character password with Upper and Lower Case Letters, Numbers, and Symbols has a possible 7.2 Quadrillion combinations!  That’s 7,200,000,000,000,000!  That one character means that it will take a decent computer about 2 years and 3 months to crack your password.
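The arithmetic behind those figures, worked through as an added example (this is not code from the original post): the alphabet sizes (26 lower, 26 upper, 10 digits, 34 symbols) and the two guess rates (100 million per second for a home PC, 24 billion per second for the 2009 top machine) are the ones quoted in the post, and the times are worst-case exhaustive-search times, i.e. the attacker has to try every candidate.

```python
import string

# Alphabet sizes used in the post: 26 lower, 26 upper, 10 digits and
# 34 "common symbols", so the full mixed alphabet is 96 characters.
SYMBOL_COUNT = 34
HOME_PC_RATE = 100_000_000            # guesses/second, the post's "fast computer"
SUPERCOMPUTER_RATE = 24_000_000_000   # guesses/second, the 2009 figure in the post


def alphabet_size(password: str) -> int:
    """Size of the class-based alphabet a brute-force attacker must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += SYMBOL_COUNT
    return size


def keyspace(password: str) -> int:
    """Number of candidates in an exhaustive search of that alphabet and length."""
    return alphabet_size(password) ** len(password)


def worst_case_seconds(password: str, rate: int = HOME_PC_RATE) -> float:
    """Time to exhaust the whole keyspace at `rate` guesses per second."""
    return keyspace(password) / rate


def describe(seconds: float) -> str:
    """Round a duration to the coarse units the post uses."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # The post's own examples, from the rabbit's name up to the 8-character mix.
    for pw in ("thumper", "Thumper", "Thump3r", "T#ump3r", "T#ump3rs"):
        print(f"{pw:9} {alphabet_size(pw):3}^{len(pw)} = {keyspace(pw):>20,}"
              f"  home PC: {describe(worst_case_seconds(pw)):>11}"
              f"  2009 top machine: {describe(worst_case_seconds(pw, SUPERCOMPUTER_RATE))}")
```

The printed rows reproduce the post's figures (8 billion, 1 trillion, 3.5 trillion, 75 trillion, 7.2 quadrillion) and the matching 80 seconds, 3 hours, 10 hours, 8 ½ days and 2 ¼ years; passing a different rate shows how quickly the same passwords fall on faster hardware.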

Here are a couple of tables with some of the numbers, in case a few of you are interested.  For my “Math Major” friends: go easy on me, the numbers are close enough, but the precision is very low.

Keep in Mind
These numbers are based on a completely random Brute Force Attack.  Unfortunately, the bad guys are smarter than that.  They won’t always go brute force and if they do they definitely won’t go random.  They’ll try the most obvious things first using any information that they can get.  Your name, your birthday, your pets’ names, your kids’ names, all of that.  Also, the computer that these numbers are based on is a computer that you or I could own.  It can do 100 million passwords per second.  As of 2009, the fastest computer in the world could process about 24 Billion passwords per second.  I guess the point is this:  Go Strong or Go Home.  I’ve always wanted to say that.

How do you guys pick a password?  How quickly would your normal password be cracked if you went by the numbers in these tables?  Let me know what you think, comment at the bottom.

Dennis Edmondson Jr
Computing Concepts LLC
